
Cisco announced on April 16 a series of enhancements to its Advanced Malware Protection (AMP) for Endpoints platform that provide improved email security and visibility capabilities.

The new capabilities include Cisco Visibility, which provides a threat hunting capability to AMP for Endpoints, enabling security professionals to gather insights for investigations. Fileless malware detection and prevention has also been enhanced, as has email security with advanced phishing and domain protection services. The new email security features in AMP for Endpoints come to Cisco by way of an OEM integration with email security vendor Agari, which former Cisco executives founded in 2009.

Jason Lamar, senior director in Cisco's Security Business Group, said Cisco has had secure email gateway technology since it acquired IronPort in 2007. What Cisco had been missing is a Domain-based Message Authentication, Reporting and Conformance (DMARC) email authentication capability.


DMARC is a protocol that helps protect the integrity and authenticity of email. With the new domain protection services in AMP for Endpoints, Cisco is providing capabilities to enable organizations to set up DMARC for their own domains.

"Through our OEM agreement with Agari, we are enhancing our email security product," Lamar told eWEEK. "Agari has solid traction in the marketplace and the best technology to help protect our customers' company domains from being misused as the delivery mechanism of malicious emails, as well as protect their internal users from phishing and spoofing attacks from emails with suspect senders."

Cisco is also using Agari's technology to provide an advanced phishing protection capability that likewise builds on DMARC. In a typical phishing campaign, third-party actors send email that appears to originate from within the company, according to Lamar.

"By implementing our DMARC-compliant email authentication service, the email gateway will not accept emails that are not authenticated," he said.
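To make the "will not accept emails that are not authenticated" behaviour concrete, here is an added example (not Cisco's, Agari's, or IronPort's code) of how a receiving gateway evaluates a published DMARC record: it parses the `_dmarc` TXT record tags from RFC 7489, checks SPF and DKIM identifier alignment against the visible From: domain, and returns the disposition the domain owner asked for. The domains and the record are constructed, and the organizational-domain helper is a deliberate simplification (real code consults the Public Suffix List).

```python
"""DMARC policy evaluation on the receiving side.

Added example, not vendor code. Record syntax follows RFC 7489; the
organizational-domain logic is simplified (two-label suffix) for illustration.
"""
from dataclasses import dataclass
from typing import Optional, Tuple


def parse_dmarc_record(txt: str) -> dict:
    """Turn 'v=DMARC1; p=reject; ...' into a tag dict, applying RFC defaults."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed DMARC tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record: needs v=DMARC1 and a p= tag")
    tags.setdefault("adkim", "r")   # DKIM alignment: r(elaxed) or s(trict)
    tags.setdefault("aspf", "r")    # SPF alignment: r(elaxed) or s(trict)
    tags.setdefault("pct", "100")   # sampling percentage (ignored below)
    return tags


def org_domain(domain: str) -> str:
    """Organizational domain. Simplified: assumes a two-label public suffix."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """Identifier alignment: strict needs an exact match, relaxed the same org domain."""
    f, a = from_domain.lower(), auth_domain.lower()
    if mode == "s":
        return f == a
    return org_domain(f) == org_domain(a)


@dataclass
class AuthResult:
    """Authentication results already computed for one message (constructed)."""
    from_domain: str                  # domain of the RFC5322.From header
    spf_domain: Optional[str] = None  # MAIL FROM domain if SPF passed, else None
    dkim_domain: Optional[str] = None # d= of a passing DKIM signature, else None


def evaluate(record: str, msg: AuthResult) -> Tuple[bool, str]:
    """Return (dmarc_pass, disposition); disposition is none/quarantine/reject."""
    tags = parse_dmarc_record(record)
    spf_ok = msg.spf_domain is not None and aligned(
        msg.from_domain, msg.spf_domain, tags["aspf"])
    dkim_ok = msg.dkim_domain is not None and aligned(
        msg.from_domain, msg.dkim_domain, tags["adkim"])
    if spf_ok or dkim_ok:
        return True, "none"
    # Subdomains fall under sp= when the owner published one, else p=.
    policy = tags["p"]
    if "sp" in tags and msg.from_domain.lower() != org_domain(msg.from_domain):
        policy = tags["sp"]
    return False, policy


if __name__ == "__main__":
    rec = "v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r; rua=mailto:dmarc@example.com"
    print(evaluate(rec, AuthResult("example.com", spf_domain="bounce.example.com")))
    print(evaluate(rec, AuthResult("example.com", dkim_domain="mail.example.com")))
    print(evaluate(rec, AuthResult("news.example.com")))
```

The point of the example is the alignment step: a message can carry a valid DKIM signature or pass SPF for some unrelated domain and still fail DMARC, because neither identifier lines up with the domain the recipient actually sees in From:. That is the check that stops look-alike mail "sent within the company" from being accepted.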

Fileless Malware

An increasingly popular form of attack is malware that does not make use of a file on disk, but rather executes entirely in memory. One of the most common fileless attack vectors is the use of PowerShell scripts, which is something that AMP for Endpoints can now help to defend against as well. Lamar explained that the new fileless malware prevention is part of a new engine that is available in AMP for Endpoints.

"The engine watches when an application and all its resources load into memory, then it copies and randomizes the data," Lamar said. "After creating the new memory structure, the engine creates a decoy of the original memory structure."

The fileless malware engine steers legitimate code to the correct memory structure and directs malicious code that is potentially using PowerShell to the decoy, where the exploit is neutralized and blocked, he added.
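Cisco's memory-decoy engine is not something this article describes in reproducible detail, but the PowerShell vector it targets is visible to defenders in ordinary process-creation telemetry. The following added example (not Cisco's code) shows the kind of detection logic a SOC would run over such logs: it recognises PowerShell launches, expands the abbreviated switch forms PowerShell accepts, decodes a `-EncodedCommand` payload (base64 over UTF-16LE) so the analyst sees the script text, and reports which indicators fired. The log format and every log line are constructed; the encoded payload is a harmless `Write-Host`.

```python
"""Flag suspicious PowerShell invocations in process-creation logs.

Added example, not Cisco's engine. The pipe-separated log format
(pid|user|command line) and all sample lines are constructed.
"""
import base64
import re
from typing import Optional

# Script-content strings commonly used in detection rules for in-memory loaders.
SUSPICIOUS_CONTENT = ("invoke-expression", "downloadstring")
POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe", "powershell", "pwsh"}


def _basename(token: str) -> str:
    """Last path element of a (possibly quoted) Windows or POSIX path, lowercased."""
    return token.strip('"').replace("\\", "/").rsplit("/", 1)[-1].lower()


def decode_encoded_command(b64: str) -> Optional[str]:
    """-EncodedCommand carries UTF-16LE text in base64; None if it does not decode."""
    try:
        return base64.b64decode(b64, validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError
        return None


def analyze_command_line(cmd: str) -> Optional[dict]:
    """Return {'indicators': [...], 'decoded': str|None} for a PowerShell launch, else None."""
    tokens = re.findall(r'"[^"]*"|\S+', cmd)
    if not tokens or _basename(tokens[0]) not in POWERSHELL_IMAGES:
        return None
    indicators, decoded = [], None
    for i in range(1, len(tokens)):
        tok = tokens[i].lower()
        nxt = tokens[i + 1].strip('"') if i + 1 < len(tokens) else ""
        # PowerShell accepts any unambiguous prefix of a switch, so match by prefix.
        if len(tok) >= 2 and "-encodedcommand".startswith(tok):
            indicators.append("encoded_command")
            decoded = decode_encoded_command(nxt)
        elif (tok == "-ep" or (len(tok) >= 3 and "-executionpolicy".startswith(tok))) \
                and nxt.lower() == "bypass":
            indicators.append("executionpolicy_bypass")
        elif len(tok) >= 2 and "-windowstyle".startswith(tok) and nxt.lower() == "hidden":
            indicators.append("hidden_window")
        elif tok.startswith("-nop") and "-noprofile".startswith(tok):
            indicators.append("no_profile")
    # Inspect the script text itself: decoded payload if present, else the raw line.
    body = (decoded or cmd).lower()
    for needle in SUSPICIOUS_CONTENT:
        if re.search(r"\b" + re.escape(needle) + r"\b", body):
            indicators.append(f"content:{needle}")
    return {"indicators": indicators, "decoded": decoded} if indicators else None


def scan_log(text: str) -> list:
    """Run the analyzer over pid|user|cmdline lines and collect findings."""
    findings = []
    for line in text.splitlines():
        pid, user, cmd = line.split("|", 2)
        hit = analyze_command_line(cmd)
        if hit:
            findings.append({"pid": int(pid), "user": user, **hit})
    return findings


# Constructed sample telemetry. The encoded command is built here so the
# base64 is known-good; it is a benign Write-Host, not an attack payload.
ENCODED = base64.b64encode("Write-Host 'hello'".encode("utf-16le")).decode()
SAMPLE_LOG = "\n".join([
    '4321|alice|"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" -File C:\\scripts\\backup.ps1',
    "4322|bob|powershell.exe -NoProfile -WindowStyle Hidden -ExecutionPolicy Bypass -EncodedCommand " + ENCODED,
    "4323|carol|notepad.exe C:\\Users\\carol\\notes.txt",
])

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

A scheduled script run with `-File` produces no finding, while the hidden, profile-less, policy-bypassing encoded launch is flagged with every indicator and its decoded text attached. In practice the decoded script is what an analyst pivots on; the switch combination alone is a strong but not conclusive signal, since some administrative tooling also uses it.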

Cisco Visibility

Another enhanced capability that has landed in AMP for Endpoints is Cisco Visibility, which includes threat intelligence from third-party vendors as well as Cisco's Talos research group. In addition, Cisco Visibility provides threat hunting capabilities, Lamar said.

"Going forward, we will have the ability to turn on other endpoint detection and response tools that are API-driven so companies can pull in their existing tools for additional context and correlation," he said.

AMP for Endpoints now also protects organizations against unauthorized cryptocurrency mining operations. Lamar said Cisco has integrated indicators of compromise (IOCs) into AMP to detect unauthorized cryptocurrency mining activities.

The cryptocurrency-mining blocking is further enabled by Cisco's Umbrella cloud security platform, which already has a content category that can block the communication channels back to cryptocurrency-mining domains.

"Cisco Umbrella is the first line of defense to help prevent malware from being downloaded. Cisco AMP for Endpoints is essentially the last line of defense in case malware gets installed in the machine agent," Lamar said. "With our technology, AMP, the technology will detect and stop the malware from running on the endpoint."

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
